[IPython-dev] Disabling Authentication for Kernels
Andrew Gibiansky
andrew.gibiansky at gmail.com
Mon Mar 2 17:45:43 EST 2015
Thank you all! I had missed the fact that it was using `hexdigest` as
opposed to `digest`. It works now, albeit perhaps with a substandard SHA
implementation (speed wise).
-- Andrew
On Mon, Mar 2, 2015 at 2:20 PM, Brian Wolf <bw at activustech.com> wrote:
> Here's how I implemented authentication in Python for a project a few
> years ago.
>
> from passlib.context import CryptContext
>
>
> pwd_context = CryptContext(
> schemes=["sha256_crypt", "sha512_crypt", "pbkdf2_sha256"],
> default="sha256_crypt",
> all__vary_rounds = "10%",
> sha256_crypt__default_rounds = 10000
> )
>
>
> if pwd_context.verify(pwd_during_login, pwd_in_db):
> # password hashes match; set user as logged in
> else:
> # password hashes do not match; user not logged in
>
>
>
> Thank you.
> Brian
>
> ------------------------------
>
>
> - Activus Technologies
> - Brian Wolf
> - Phone: 410.367.2958
> - ✓ Recurring payment solutions
> - ✓ Custom software development
>
> On 03/02/2015 03:14 PM, Andrew Gibiansky wrote:
>
> Sounds reasonable. I sadly am not very well-versed in cryptographic
> hashing, which is why I originally avoided dealing with it.
>
> I've now implemented HMAC-SHA256 signing, but am generating invalid
> signatures. So, two questions:
>
> 1. What are good ways to debug this?
> 2. My suspicion is that I am treating the key incorrectly. If I understand
> correctly, the provided key is something like "base64-base64-base64". Is
> that string meant to be taken literally as the key (when decoded from
> Utf8), or is the idea to do a base64 decoding of that and use that as the
> key?
>
> Thanks,
> -- Andrew
>
> On Mon, Mar 2, 2015 at 9:33 AM, Thomas Kluyver <takowl at gmail.com> wrote:
>
>> On 2 March 2015 at 00:23, Andrew Gibiansky <andrew.gibiansky at gmail.com>
>> wrote:
>>
>>> Is there a way to disable authentication for a kernel via its
>>> kernelspec/kernel.json? If not, is there any way around this issue other
>>> than creating a custom profile (or biting the bullet and figuring out and
>>> implementing authentication)?
>>
>>
>> If your language has a working HMAC library, implementing the
>> authentication should be trivial. Even in R, it wasn't hard:
>> https://github.com/takluyver/IRkernel/blob/master/R/kernel.r#L15
>>
>> Thomas
>>
>> _______________________________________________
>> IPython-dev mailing list
>> IPython-dev at scipy.org
>> http://mail.scipy.org/mailman/listinfo/ipython-dev
>>
>>
>
>
> _______________________________________________
> IPython-dev mailing listIPython-dev at scipy.orghttp://mail.scipy.org/mailman/listinfo/ipython-dev
>
>
>
> _______________________________________________
> IPython-dev mailing list
> IPython-dev at scipy.org
> http://mail.scipy.org/mailman/listinfo/ipython-dev
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.python.org/pipermail/ipython-dev/attachments/20150302/a6f6265c/attachment.html>
More information about the IPython-dev
mailing list